Hello.
I installed a new set of Aruba 105's at a remote office running Corporate access with Radius Auth and Guest access with password Auth, both on separate non-routed vlans. The Version is 6.2.0.0-3.2.0.4_38110.
We also have the identical setup at our main office running Version 6.1.3.4-3.1.0.1_35899.
A pen tester found that if you authenticate to the remote office guest wireless, then revisit the url a few times (https://securelogin.arubanetworks.com/swarm.cgi?opcode=cp_generate&orig_url=687474703a2f2f736c617368646f742e6f72672f).
The config, including Admin user/password and Radius password are displayed in plain text.
Then - very scary, if you go to the URL https://securelogin.arubanetworks.com/#home (dispite being on a separarte vlan) you get the contoller home page, which you can log in to with the previously found admin user/pass.
This was mitigated by simply going to Settings>General>Deny inter user bridging - Enable and Deny local routing - Enable.
At our main office (Version 6.1.3.4-3.1.0.1_35899) these settings are Disabled, but I am unable to replicate the issue here. So it must be a vulnerability with 6.2.0.0-3.2.0.4_38110.
Has anyone come across this vulnerability before and know if it is fixed in later versions?
Thanks